NSA Agents Told To Withhold Target Information From Those In Charge Of Oversight

from the and-the-hits-keep-coming dept

There's so much information that's coming out of last night's Washington Post bombshell that just continues to yield incredible information about what defenders of these programs have been saying as compared to what's actually happening. Here's another one. One of the documents released with the report, via Ed Snowden, shows that NSA agents were directly told to give their overseers as little information as possible. The document explains to agents the process for justifying why they were requesting targeting (i.e., a more detailed look concerning an individual or group -- not just at that person's communications, but potentially anyone even remotely connected to them), and makes it clear that they are to give the bare minimum necessary to fulfill their reporting requirements, but not even the slightest bit beyond that. In fact, they're told to give a single short sentence, and to make sure it includes no "extraneous information."

The basic premise of this process is to memorialize why you the analyst have requested targeting. This rationale will be provided to our external FISA Amendment Act (FAA) overseers, the Department of Justice and Office of the Director of National Intelligence, for all FAA targeting.

While we do want to provide our FAA overseers with the information they need, we DO NOT want to give them any extraneous information.... This rationale can be no longer than one short sentence.

The document goes on to list a variety of "example" rationale sentences, all pretty short and sweet, which basically demonstrate to NSA agents how to remove any pertinent information for oversight, while still giving a "reason" for targeting someone. It's a lesson in stripping out information and, as the Washington Post notes, replacing it with "generic" info that will pass muster with the folks supposedly in charge of oversight. As an aside, while parts of them are redacted, there are a few "fake" names given, including "Mohammad Badguy" and "Muhammad Fake Name." No profiling there.

Either way, this once again suggests that the "oversight" going on here is something of a joke. Analysts are directly being told to be careful not to explain very much at all, giving the briefest ("one short sentence, no extraneous information") basis for getting access to all sorts of information concerning a "target" -- which might include a variety of communications and metadata concerning a huge number of people very, very, very loosely connected with that target. It certainly suggests that this idea of "oversight" is pretty laughable. Concoct a one sentence "rationale" that sounds vaguely plausible, and it appears that no one's going to ask any questions at all.

Reader Comments

I think this is officially the worst crisis the US Govt is going under ever. It's a crisis of ethics, public trust and morals (as in the morals they always championed such as human rights, freedom of speech etc).

Yes, but Obama campaigned hard against Bush policies. He also got the Nobel Peace Prize for not being Bush. And the Bush admin would've either given no comment or been like, you caught us, here's our rationale (even if it was racist and overly hawkish). Now it's like that kid that gets caught lying and just keeps lying and lying and everybody's just looking at him like he's stupid.

Re: Let me use this "one short sentence" approach:

You are an idiot trying to distract the conversation from what could possibly be the biggest constitutional violation in history which makes me believe you are in bed with the scum bags involved in this.

Re: Let me use this "one short sentence" approach:

That's because you insist on using it, you liar and hypocrite. You claimed to not be using gmail, remember. And you already know that all the services you use from Google are available elsewhere, so don't roll naked in poison ivy and complain about the resulting rash, you fool.

But the "Mission"

We have had the "But the Children" excuse and "But, But Terrorist" excuses bandied about. Well here's a new one "But the Mission". Considering how many generals and ex-military seem to be walking around the NSA, it seems the mindset came along as well.
Similar to the mindset we've seen at the DOJ, "Must WIN at all Costs". This means innocent people get put in jail at DOJ, and for NSA, people lose all the rights granted by the Constitution that NSA is supposed to be protecting.
While it is an admirable but misguided goal, the NSA (plus NYPD and other law enforcement agencies) are trying to stop crime before it happens, to "you know", save lives. But they are doing it by taking away our rights.
While crime prevention is an admirable goal, they are not the pre-crime unit with people who can see the future. The worst part of it is that they are the ones who are committing the whopping big crime of violating the Constitution.
These revelations leave me thinking that they have a criminal lawyer sitting at there shoulder saying "Objection, don't answer that question" who also spent some time "prepping the witness".
The "good guys" who are supposed to be preserving our constitutional rights have gotten themselves so focused on "completing the mission" of saving the lives of everyone have lost focus of everything else. Including the fact that they are "in spirit" and "in fact" trampling the very Constitutional laws they are supposed to be upholding.

Re:

Oversight? Not happening!

Our "esteemed" Congress is supposed to provide oversight of these TLA's (Three Letter Agencies), but they keep harping upon their oath to "protect the American people". What boneheads! Their oath of office has always been to "protect, and defend the Constitution", NOT to "protect the American people". From the US Senate web site, the Senate Oath of Office:

"I do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter: So help me God."

Nothing there about "protect the people"...

So, these asshats are all (with a few exceptions) violating their oaths, and are thus liable for impeachment and recall from office.

Specifically denying those in oversight any information resembling probable cause is pretty damning. One would think that half the point of oversight was to make sure you had reasonable probably cause to target someone.

Re:

Heck, it's not just oversight. How about:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

I'm sick of all this "oath to defend the constitution yada yada yada..." The oaths they take are given to nobody, its not signed, and has no legal force whatsoever. Its less than a primise even, because a promise you make to another person. The "oath" is akin to a new years resolution to quit smoking. Its NOT A CONTRACT. I'm sorry if you thought otherwise.

Re:

Re:

The oath of office is important enough that when John Roberts botched it for Obama back in 2009, they re-did the swearing of the oath the next day. And all that was wrong was the placement of the word faithfully.

Oversight is impossible

Re: Oversight is impossible

unless those doing the overseeing can have direct access to the people being overseen, which includes the workers. relying on paper and in person reports from managers means filtered information, and possibly outright lies.

To be fair

asking for a field to be short and punchy is a pretty normal and reasonable practice in database management. It's usually to do with producing tabular reports that don't have really wide columns.

But then...
- the field is required to have 3 elements, why not have 3 fields?
- why is the justification in the comments field, not the shareable justification field?
- why the need for the TAR flag?

My thoughts are that the database was set up to receive detailed justifications, but the process has been evolved to put a summarised title justification there instead. I suspect that there are more flags like TAR that aren't being used (e.g. detailed explanation).

What this really comes down to is that the FAA overseers have been lazy in accepting this level of detail without further questioning. It suggests the entire process of oversight was running a finger down a column and saying "this looks ok - all nice and regular".

If no one asks for the information, why would they provide the information?

Re: To be fair

What this really comes down to is that the FAA overseers have been lazy in accepting this level of detail without further questioning. It suggests the entire process of oversight was running a finger down a column and saying "this looks ok - all nice and regular".

It suggests that because that's the way it actually is -- but I don't think it's laziness. I think it's the intentional design.

Re: Re: To be fair

And I just noticed the last paragraph of the article sort of says what I meant in my post.

“I realize you can read those words a certain way,” said the high-ranking NSA official who spoke with White House authority, but the instructions were not intended to withhold information from auditors. “Think of a book of individual recipes,” he said. Each target “has a short, concise description,” but that is “not a substitute for the full recipe that follows, which our overseers also have access to.”

But that leads to asking what the "full recipes" actually say, whether overseers are provided with that info automatically or have to ask for it, and whether they every actually read it.

A lot of this is starting to reek of typical "big company" practices - work to the bare minimum; guidelines become strict rules; the summary report be all and end all. As such, that would make me less concerned about such practices. But then that further leads to bigger questions - why change the laws to accommodate such things? why hide them? why lie about them?

I think they started off going "yeah, we've got oversight and good practice coming out of ears. Bring it on!" Then they've looked at it and gone "Oh shit".

Re: Re: Re: To be fair

Normal SOP - Move on nothing new here

I can see that this can viewed as trying to hide stuff and it more than likely has some of that going on. But really it is SOP for the letter orgs. I bet if you looked at the internal documents from any of them, FBI, CIA, NSA, NASA, DOE, DOI, and any other one you can think of they would pretty much read close to the above documents.

They don't want oversight. They don't like oversight. They like to do what they think they need to do and only subject themselves to providing the overseers with the legally required information. And not one single thing more.

And as much as I hate to admit it, that is actually logical. The people in Congress are largely elected based on some knowledge and a lot of personality. So 90% of time they really don't know what the heck they are looking at.

For example: Let's say you are computer tech. You fix a customer's computer. Do you explain to them all the steps you had to do to remove the 5000 pieces of spyware and viruses from there computer and why it was causing all the issues they were seeing? Or do you give them the simple break down. "Everything is fixed and your computer is running great now."

Re: Normal SOP - Move on nothing new here

Let's say you are computer tech. You fix a customer's computer. Do you explain to them all the steps you had to do to remove the 5000 pieces of spyware and viruses from there computer and why it was causing all the issues they were seeing?

If the customer asks, then yes. And that's the problem here -- the "customer" isn't asking.

Re: Re: Normal SOP - Move on nothing new here

Right! But even if they ask you still don't spell it out in too much detail. You give them enough detail to make them understand how much work you did. Unless of course you are trying to impress them with all the hard work it took.

Re: Re: Re: Normal SOP - Move on nothing new here

Perhaps, but in this case they're they're not only not 'spelling things out' and explaining in heavy detail, they are flat out lying on the few details they do give.

It's like the difference between 'You had some programs at risk, I updated them, you should be good'(Truth) and 'You had a whole slew of virus' and malware, and while I think I got them all, I'll have to come in regularly to make sure. That'll be $150'(Not so truth)

memorialize

I could only wish they meant memorialize. That would be mean the targeting is coming to an end and I would like to see the targeting of Americans (Canucks too), at least, come to an end. I would have used "memolate" or maybe "obfuminiscate".

Missing an Important Point?

The non-tech folks seem to be responding to the idea of "programming errors" as a factor in the errors reported in the WaPo NSA audit article. But it might be useful to let the natives know that the level of "programming" required seems to be on par with typing in your CCV code when buying something online. In other words, the real story is about hiw ridiculously easy it is for ANY operator to acquire,collect, and examine any form of digital information from ANY SOURCE in the world... unless that xKEYSCORE screen cap isn't really like enCASE....